I thought I would at least get a "yes, seems reasonable, show us a
patch" as a response to my previous email on this subject.
Out of curiosity, I traced the bug back to when the function in
question was introduced to heimdal, version 0.0n. Even if the bug is
now old enough to buy me a drink (in most jurisdictions), I felt it's
time to do something about it. See attached patch.
Harald.
--- cpw.c.orig 2017-12-07 05:11:23.000000000 +0100
+++ cpw.c 2019-03-04 14:37:57.253372844 +0100
@@ -101,13 +101,16 @@
ret = UI_UTIL_read_pw_string(pwbuf, sizeof(pwbuf), prompt, 1);
free (prompt);
if(ret){
- return 0; /* XXX error code? */
+ ret = KRB5_LIBOS_BADPWDMATCH;
+ krb5_set_error_message(context, ret, "failed to verify password");
+ goto out;
}
password = pwbuf;
}
if(ret == 0)
ret = kadm5_chpass_principal_3(kadm_handle, principal, keepold, 0, NULL,
password);
+out:
memset(pwbuf, 0, sizeof(pwbuf));
return ret;
}
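Review bot: in the `if(ret){` branch after `UI_UTIL_read_pw_string`, every non-zero return is now reported as KRB5_LIBOS_BADPWDMATCH with "failed to verify password", so a failed or aborted read of the prompt would look the same to the caller as two entries that do not match. If the return value distinguishes those cases, map only the mismatch to KRB5_LIBOS_BADPWDMATCH and give the others their own code and message; otherwise word the message more neutrally, for example "failed to read password". Routing the error path through `out:` so that `memset(pwbuf, 0, sizeof(pwbuf))` still runs is the right shape and should be kept.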